Business associate agreement



Download 23.21 Kb.
Date17.07.2017
Size23.21 Kb.
#23566
BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (“BAA”), effective 7/18/2007 (“Effective Date”), is entered into by and between Ansaphone Service, Inc. (the “Business Associate”) and __________________________ with an addresses at __________________________, (the “Covered Entity”) (each a “Party” and collectively the “Parties”).


The Business Associate is a Telephone Answering Service and the Covered Entity is an _______________________ The Parties have a prior oral or written agreement (the "agreement") under which the Business Associate regularly uses and/or discloses Protected Health Information (“PHI”) in its performance of the Services described below. Both Parties are committed to complying with the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Regulation”) and the Standards for Security of Individually Identifiable Health Information (the “Security Regulation”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This Agreement sets forth the terms and conditions pursuant to which PHI that is provided by, created, received, maintained or transmitted by, the Business Associate from or on behalf of the Covered Entity (“Protected Health Information”), will be handled between the Business Associate and the Covered Entity and with third parties during the term of their agreement and after its termination. The Parties agrees as follows:

1. PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION

1.1 Services. Pursuant to the Agreement, Business Associate provides services (“Services”) for the Covered Entity that involve the use and disclosure of Protected Health Information (“PHI”). Except as otherwise specified herein, the Business Associate may make any and all uses of Protected Health Information necessary to perform its obligations under the Agreement. All other uses not authorized by this Agreement are prohibited. Moreover, Business Associate may disclose Protected Health Information for the purposes authorized by this Agreement only, (i) to its employees, subcontractors and agents, in accordance with Section 2.1(d), (ii) as directed by the Covered Entity, or (iii) as otherwise permitted by the terms of this Agreement including, but not limited to, Section 1.2(b) below.
1.2 Business Activities of the Business Associate. Unless otherwise limited herein, the Business Associate may:


  1. use the Protected Health Information in its possession for its proper management and administration and to fulfill any present or future legal responsibilities of the Business Associate provided that such uses are permitted under state and federal confidentiality laws.




  1. disclose the Protected Health Information in its possession to third parties for the purpose of its proper management and administration or to fulfill any present or future legal responsibilities of the Business Associate, provided that the Business Associate represents to the Covered Entity, in writing, that (i) the disclosures are required by law, as provided for in 45 C.F.R. § 164.501 or (ii) the Business Associate has received from the third party written assurances regarding its confidential handling of such Protected Health Information as required under 45 C.F.R. § 164.504(e)(4).


1.3 Additional Activities of Business Associate. In addition to using the Protected Health Information to perform the Services set forth in Section 1.1 of this Agreement, Business Associate may:


  1. aggregate the Protected Health Information in its possession with the Protected Health Information of other covered entities that the Business Associate has in its possession through its capacity as a business associate to said other covered entities provided that the purpose of such aggregation is to provide the Covered Entity with data analyses relating to the Health Care Operations of the Covered Entity. Under no circumstances may the Business Associate disclose Protected Health Information of one Covered Entity to another Covered Entity absent the explicit authorization of the Covered Entity.




  1. de-identify any and all Protected Health Information provided that the de-identification conforms to the requirements of 45 C.F.R. § 164.514(b), and further provided that the Covered Entity maintains the documentation required by 45 C.F.R. § 164.514(b) which may be in the form of a written assurance from the Business Associate. Pursuant to 45 C.F.R. § 164.502(d)(2), de-identified information does not constitute Protected Health Information and is not subject to the terms of this Agreement.



2. RESPONSIBILITIES OF THE PARTIES WITH RESPECT TO PROTECTED HEALTH INFORMATION

2.1 Responsibilities of the Business Associate. With regard to its use and/or disclosure of PHI, the Business Associate hereby agrees to do the following:


  1. use and/or disclose the PHI only as permitted or required by this Agreement or as otherwise required by law.




  1. report to the designated Privacy Officer and/or Security Officer of the Covered Entity, in writing, any use and/or disclosure of the PHI that is not permitted or required by this Agreement of which Business Associate becomes aware within 30 days of the Business Associate’s discovery of such unauthorized use and/or disclosure.




  1. use commercially reasonable efforts to maintain the security of the PHI and to prevent unauthorized use and/or disclosure of such Protected Health Information.




  1. require all of its subcontractors and agents that receive or use, or have access to, PHI under this Agreement to agree, in writing, to adhere to the same restrictions and conditions on the use and/or disclosure of PHI that apply to the Business Associate pursuant to section 2 of this Agreement.




  1. make available all records, books, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information to the Secretary of HHS for purposes of determining the Covered Entity’s compliance with the Privacy and/or Security Regulation, subject to attorney-client and other applicable legal privileges.




  1. upon prior written request, make available during normal business hours at Business Associate’s offices all records, books, agreements, policies and procedures relating to the use and/or disclosure of Protected Health Information to the Covered Entity within 30 days for purposes of enabling the Covered Entity to determine the Business Associate’s compliance with the terms of this Agreement.




  1. within 30 days of receiving a written request from the Covered Entity, provide to the Covered Entity such information as is requested by the Covered Entity to permit the Covered Entity to respond to a request by an individual for an accounting of the disclosures of the individual's Protected Health Information in accordance with 45 C.F.R. § 164.528.




  1. subject to Section 3.4 below, return to the Covered Entity or destroy, within 30 days of the termination of this Agreement, the Protected Health Information in its possession and retain no copies. This includes, but is not limited to; all media, media backups, and any other files (i.e. sound or .wav files) and/or paper which contains PHI.


2.2 Responsibilities of the Covered Entity. With regard to the use and/or disclosure of Protected Health Information by the Business Associate, the Covered Entity hereby agrees:


  1. to inform the Business Associate of any changes in the form of notice of privacy practices (the “Notice”) that the Covered Entity provides to individuals pursuant to 45 C.F.R. §164.520, and provide the Business Associate a copy of the Notice currently in use.




  1. to inform the Business Associate of any changes in, or withdrawal of, the consent or authorization provided to the Covered Entity by individuals pursuant to 45 C.F.R. §164.506 or §164.508.

  2. to inform the Business Associate of any opt-outs exercised by any individual from marketing and/or fundraising activities of the Covered Entity pursuant to 45 C.F.R. § 164.514(e).




  1. to notify the Business Associate, in writing and in a timely manner, of any arrangements permitted or required of the Covered Entity under 45 C.F.R. part 160 and 164 that may impact in any manner the use and/or disclosure of Protected Health Information by the Business Associate under this Agreement, including, but not limited to, restrictions on use and/or disclosure of Protected Health Information as provided for in 45 C.F.R. § 164.522 agreed to by the Covered Entity.

  1. that Business Associate may make any use and/or disclosure of Protected Health Information permitted under 45 C.F.R. § 164.512 except uses or disclosure for research are not permitted without prior approval by the covered entity.

3. TERMS AND TERMINATION

3.1 Term. This Agreement shall become effective on the Effective Date and shall continue in effect until all obligations of the Parties have been met, unless terminated as provided in this Section 3.

3.2 Termination by the Covered Entity. As provided for under 45 C.F.R. § 164.504(e)(2)(iii), the Covered Entity may terminate this Agreement and any related agreements if the Covered Entity makes the determination that the Business Associate has breached a material term of this Agreement. The Covered Entity must : (i) provide the Business Associate with 30 day’s written notice of the existence of an alleged material breach; and (ii) afford the Business Associate an opportunity to cure said alleged material breach upon mutually agreeable terms. Nonetheless, in the event that mutually agreeable terms can not be achieved within 30 days, Business Associate must cure said breach to the reasonable satisfaction of the Covered Entity.

3.3 Automatic Termination. This Agreement will automatically terminate without any further action of the Parties upon the termination or expiration of a previous oral or written agreement between the Parties.

3.4 Effect of Termination. Upon the event of termination pursuant to this Section 3, Business Associate agrees to return or destroy all Protected Health Information pursuant to 45 C.F.R. § 164.504(e)(2)(I), if it is feasible to do so. If it is not feasible for the Business Associate to return or destroy said Protected Health Information, the Business Associate will notify the Covered Entity in writing. Said notification shall include: (i) a statement that the Business Associate has determined that it is infeasible to return or destroy the Protected Health Information in its possession, and (ii) the specific reasons for such determination, which reasons the Parties agree may include, but are not limited to, b bb ackup media. Business Associate further agrees to extend any and all protections, limitations and restrictions contained in this Agreement to the Business Associate’s use and/or disclosure of any Protected Health Information retained after the termination of this Agreement, and to limit any further uses and/or disclosures to the purposes that make the return or destruction of the Protected Health Information infeasible.

4. MISCELLANEOUS

4.1 Covered Entity. For purposes of this Agreement, Covered Entity shall include all entities covered by the joint notice of information practices (or privacy notice), which includes hospitals, laboratories, imaging centers, nursing facilities, and medical offices.

4.2 Business Associate. For purposes of this Agreement, Business Associate shall include the named Business Associate herein. However, in the event that the Business Associate is otherwise a covered entity under the Privacy and/or Security Regulation, that entity may appropriately designate a health care component of the entity, pursuant to 45 C.F.R. § 164.504(a), as the Business Associate for purposes of this Agreement.

4.3 Amendments; Waiver. This Agreement may not be modified, nor shall any provision hereof be waived or amended, except in a writing duly signed by authorized representatives of the Parties. A waiver with respect to one event shall not be construed as continuing, or as a bar to or waiver of any right or remedy as to subsequent events.

4.4 No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights, remedies, obligations, or liabilities whatsoever.

4.5 Notices. Any notices to be given hereunder to a Party shall be made via U.S. Mail or express courier to such Party’s address given below, and/or (other than for the delivery of fees) via facsimile to the facsimile telephone numbers listed below.

If to Business Associate, to: If to Covered Entity, to:



Ansaphone Service, Inc. ______________________________________

1212 Hancock Street ______________________________________

Quincy, MA 02169 ______________________________________
Attention: Betty J Porter, Pres. Attn: Privacy Officer

Fax: 617-689-0778 Fax: __________________________________

Each Party named above may change its address and that of its representative for notice by the giving of notice thereof in the manner hereinabove provided.

4.6 Counterparts; Facsimiles. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original. Facsimile copies hereof shall be deemed to be originals.


    1. Survival. The respective rights and obligations of Business Associate and Covered Entity under the provisions of Sections 3.4, 4.4, and Section 2.1 solely with respect to Protected Health Information Business Associate retains in accordance with Section 3.4, because it is not feasible to return or destroy such Protected Health Information, shall survive termination of this Agreement indefinitely.

5. Definitions.

5.1 Catch-all: Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule.



IN WITNESS WHEREOF, each of the undersigned has caused this Agreement to be duly executed in its name and on its behalf effective as of ______ ____, 20_____.

COVERED ENTITY BUSINESS ASSOCIATE
By: ______________________________ By: _____________________________
Print Name: _______________________ Print Name:_______________________
Title: _____________________________ Title: ____________________________
Date: _____________________________ Date: ____________________________





Download 23.21 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page